Privacy Policy

At the Newt in Somerset, a trading name of Emily Estate (UK) Ltd we are committed to protecting the data that we hold and use about you and to respecting your privacy.

We are confident that you will find the information that you need set out in this policy, but if you need to know more about the personal data that we hold or the ways that we use it, you can contact us by email at [email protected] or 01963 577700 or by post at Estate Office, The Newt in Somerset, Bruton, Somerset, BA7 7NG.

This policy covers:

1. About this policy
2. The way that we use your personal data
   1. What personal data do we collect?
   2. How do we collect personal data?
   3. How do we use personal data?
   4. How do we share your personal data?
3. Other Uses and Disclosures
4. Sensitive Personal Data
5. The Processing of Children’s Data
6. Security and retention of your personal data
7. Your rights and how to contact us
8. Changes to this privacy policy

1) ABOUT THIS POLICY

This policy [(together with our website site terms of use and any other documents that we may refer to within this policy)] describes the personal data that we collect from you or about you during the course of our business, and the ways that we use it. Please read the policy carefully as it will help you to understand the way that we use your data and our reasons for doing so. The "data controller" of your personal data (in other words, the organisation that determines how your data is used) is Emily Estate (UK) Ltd (company number 08496160) with registered address: Estate Office, the Newt in Somerset, Bruton, Somerset, BA7 7NG.

2) THE WAY THAT WE USE YOUR PERSONAL DATA

A) What personal data do we collect?

"Personal data" is any information that could be used to identify you in some way. The personal data that we collect, store and use from or about you may (depending on our relationship with you) include the following:

• name;
• date of birth;
• address;
• e-mail address;
• phone number;
• demographic information (including gender);
• if you are a sole trader who supplies us with goods or services, we may also collect details such as your business' VAT number (only in instances where we need to issue you with a tax invoice);
• your social media handle (in instances where you interact with us on social media such as on Facebook, Instagram or Twitter);
• any personal data you give to us in our general communications with you (for example when you make an enquiry via email, interact with us on social media, or speak to someone from the team over the phone);
• images of you on our CCTV footage on our premises;
• information about your computer and about your visits to and use of our website (including information about how and when you came to visit our website, how you interacted with the website (page response times, download errors, length of visit to certain pages, page interaction information such as scrolling, click, and mouse-overs) and where you went next (including full URLs and methods used to browse away from the site); and
• technical information about the way you access our website including your IP address, geographical location, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and device information.

B) How do we collect personal data?

We collect personal data in a variety of ways including:

• directly from you: when you voluntarily provide this information to us (for example when you contact us, interact with us on social media, visit us, or book to stay with us directly);
• directly from the person who made the booking: if another person has made a booking on your behalf to stay with us, attend an event or otherwise visit us and has provided us with information about you in order to make the booking;
• from other publically available sources: from time to time, we access and store information which is available from public sources including some personal data (for example, we may have access to information on your social media profile when you interact with us on any social media platform we use);

• from third party service providers or partners: we engage with third parties to provide services to us for specific functions and in certain instances they will share personal data you provide to them with us. For example the following categories of third parties may share personal data with us:

  • when you book to stay with us through travel agent or booking platform, for example, you can book to stay with us using Booking.com and they will pass your information to us to administer the booking. You can find out more about the ways Booking.com uses your personal data on their privacy policy which you can find here; and
  • when you give your consent to one of our partners to pass your personal data to us, for example, we currently offer a promotion through Candide, Candide will send certain information to us as part of this promotion where you have given your consent for Candide to do so. You can find out more about way the ways Candide uses personal data on their privacy policy which is available here;

  for more information about the service providers we work with please see section D below.

• otherwise through your browser or device or through our servers: certain information is collected by most browsers or automatically through your device, and we also collect your IP address or other device identifier (this enables us to recognise your computer or device when you use the website) via our server log files.

• through cookies: We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data. Our site uses cookies to recognise you when you visit and use the website. This helps us to provide you with a good experience when you browse our website and also allows us to make any adjustments or improvements. For more information on the cookies we use, the purposes for which we use them and ways to limit the use of cookies and similar technologies in relation to your browsers or devices, please see our Cookie Policy.
• Google Adwords We may use Google AdWords, a web analytics and search engine advertising campaign management service. Google AdWords uses cookies, web beacons, and other means to help us analyse how users use the site. You may find Google's Privacy Policy at https://www.google.com/intl/en/privacypolicy.html.
• Google Analytics We collect data through Google Analytics, which use cookies and technologies to collect and analyse data about use of the Services. These services collect data regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/ and opt out by downloading the Google Analytics opt out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

C) How do we use personal data and what is our justification for doing so?

We use your personal data for a variety of purposes related to the day to day running of our business and ensuring the highest standards of service during your visit. From a legal perspective, there are various reasons and justifications for doing so and we have set out an explanation of these below.

In order to run our hotel, welcome guests and visitors to our premises, and ensure the provision of any products and services we offer to you:

• to ensure we reserve a space for you, meet any requirements you have and so that we can communicate with you in relation to your booking;
• to provide you with the information, products and services on our website or that you otherwise request, and communicate with you regarding your stay or visit, or respond to your questions and comments;
• so that we can meet any dietary or health requirements you have (where relevant and essential for the services we are providing to you);

We use your personal data in this way either because we have a contract with you (for example, if you booked to stay with us we will need to process your data to ensure there is a room available for you) or because it is in our legitimate interests to do so (for example, it is in our interests to ensure that we meet the needs of all our guests and visitors and ensure everyone has an enjoyable experience) but we will always ensure that your rights are protected.

If we process any dietary or health information (or other particularly sensitive personal data) we will only ever do this with your explicit consent or as otherwise permitted under relevant data protection laws.

For marketing purposes, including to measure how effective our marketing is:

• when you have stayed with us or otherwise visited us (such as visited our gardens) we may to send you marketing communications relating to our business by post or by email (or similar technology) which we think may be of interest to you based on your previous relationship with us;
• where you have given your consent (by voluntarily opting to receive such communications from us) we will send you information about promotions, special offers and events, including special offers and information about our beautiful partner resorts and exclusive retail partnerships;
• to measure the effectiveness of our marketing campaigns and our advertising;

We rely on your consent to contact you directly by email about our business and any events we are running where we do not have a historic relationship with you. You can revoke this consent at any time.

In other scenarios, we will rely on our legitimate interests as a business, always ensuring that your rights are protected. You can inform us at any time if you no longer wish to receive marketing communications.

To share information with other third parties for marketing purposes but only where we have your consent to do so:

• we may occasionally share information about our customers with our partners so that they can send you information about any of their services you may be interested in. For more information about the way we share data please see section D below.

We will only ever share any personal data with third parties for marketing purposes where we have your consent to do so. You have the right to revoke your consent at any time.

In order to fulfil our agreement with you: - if you are a sole trader who supplies us with goods and/or services we will use some personal data to ensure we are able to pay you or otherwise perform our agreement with you;

We use your personal data in this way either because we have a contract with you (for example, we will need to process certain personal data in order to pay your invoice) or because it is in our legitimate interests to do so (for example, from time to time we may wish to undertake credit checks on our suppliers) but we will always ensure that your rights are protected.

For administrative and internal business purposes:

• to ensure that content on our website is presented in the best and clearest manner for you and for your device;
• to administer our website for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• for our general internal business purposes, such as analysing and managing our businesses, audits, enhancing our offering including on our website, and identifying trends. For these purposes, personal data will be aggregated and looked at on a statistical basis;
• for information about how we use our cookies, please see our cookie policy.

It is in our legitimate interests as a business to use your data in this way. For example, we have a clear interest in ensuring that our website works properly and that our services are high quality and efficient. We will always ensure that your rights are protected.

For security and legal and compliance purposes:

• for taxation purposes such as to comply with tax laws;
• as part of our efforts to keep our website safe and secure;
• to detect or prevent fraud or other illegal activity;
• as we believe to be necessary or appropriate in each case in order to comply with laws or legal process (including laws or legal process in other countries); and
• to protect our rights or property (or the rights or property of others) and to enforce our rights and pursue available remedies (this includes the use of CCTV on our premises).

In some cases, we will need to use your personal data to fulfil a legal obligation (for example, if we receive a legitimate request from law enforcement agencies), and in other cases (such as the detection of fraud or ensuring the security of the site) we will rely on our legitimate interests as a business to use your data in this way. We will always ensure that your rights are protected.

Profiling

We currently do not use personal data for any form of automated processing which makes assumptions about our customer's behaviours or backgrounds. If our practices change we will ensure we inform you by updating this privacy policy.

D) How do we share your personal data?

We will never sell your personal data or give it to anyone else for them to use for their own purposes without making that clear to you, however, we do sometimes still share your personal data in various ways, as set out below:

(i) Sharing with organisations providing services to us:

We engage various third parties to provide services to us for specific functions, and this will often mean that we need to share your personal data with them (it is in our legitimate interests to do so, since we may not have the capabilities to provide these services ourselves).

For example here are a few of the third parties we work with:

• we use Booking.com to help us take and manage bookings. You can find out more about the ways Booking.com uses your personal data on their privacy policy which you can find here;
• our website is hosted and administered by Babylonstoren Pty Limited. You can find out more about how Babylonstoren uses personal data in their privacy policy which you can find here;
• we use the website analytics provider, Google Analytics, to help us understand how our website is used (this information is aggregated and looked at on a statistical basis only). For more information about Google Analytics please read Google's analytics notice which is available here;
• we use Hubspot to help us manage our interactions with customers and email communications. You can find out more about how Hubspot uses personal data in their privacy policy which you can find here.

In every case, we will ensure that these third parties are only allowed to use your personal data in order to provide the relevant services to us. We will always make sure that we use organisations that we trust to look after your personal data appropriately and as required by applicable laws.

In rare circumstances we may need to share some data, including personal data with our insurers. We will only pass information to the insurer that it needs to provide adequate insurance cover and will always make sure we use insurers we trust to keep your personal data in the strictest confidence and as required by the law.

(ii) Sharing data in connection with changes to our group structure or the ownership of our business:

We are not currently part of a corporate group, however, if we sell or propose to sell our business or part of it, we may need to disclose your personal data to prospective buyers. Similarly, if our ownership structure changes, we may need to disclose your personal data to the new owners or operators of our website as part of that process.

(iii) Sharing data to comply with laws:

There may be scenarios where we are subject to a legal obligation to disclose or share your personal data, such as with law enforcement agencies or public authorities in order to prevent or detect crime.

International transfers of personal data

Some of the processes involved in our use of your personal data (or the services our third party suppliers provide involving use of your personal data) may require your data to be stored or processed in countries outside of the European Economic Area (the "EEA") or outside of the United Kingdom. When this occurs we will make sure that we take steps necessary to protect your data as required by applicable laws, for example by implementing appropriate safeguards including by agreeing appropriate contract terms with the recipient of the data or by relying on recognised certifications such as the EU-US privacy shield.

3) OTHER USES AND DISCLOSURES

We will use and disclose Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect the rights, privacy, safety or property of NEWT IN SOMERSET, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

4) SENSITIVE PERSONAL DATA

NEWT IN SOMERSET will only request Sensitive Personal Data to safeguard a guest’s or its own interests. Examples are a guest’s health when using the Spa, allergy information that the hotel or restaurant should be made aware of or identity information required for legal purposes or to prevent fraud.

5) THE PROCESSING OF CHILDREN’S DATA

NEWT IN SOMERSET Services are not directed to children under the age of thirteen (13); although of course children accompanied by their parents, guardians or responsible adult are welcome at NEWT IN SOMERSET.

A Parent of Legal Guardian must provide any Personal Data or Sensitive Personal Data to NEWT IN SOMERSET if they wish NEWT IN SOMERSET to deliver tailored services to their Child; for example, remembering a birthday or catering for allergies.

6) SECURITY AND RETENTION OF YOUR PERSONAL DATA

(i) Security of your personal data:

We will ensure that appropriate technical and organisational measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data and we have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.

(ii) Retention of your personal data:

We will only retain your personal data for as long as is necessary for the purposes described in this privacy policy. This means that the retention periods will vary according to the type of the data and the reason that we have the data in the first place. For example, only store information relating to any allergies or health conditions you have for the period of your stay with us whereas other personal data such as data processed as part of a marketing database where you have consented to receiving marketing communications from us will be kept until such consent is revoked or we no longer undertake marketing activities.

7) YOUR RIGHTS AND HOW TO CONTACT US

The law gives you a number of rights in relation to your personal data and our use of it. You have the right: 1. to ask us not to use your personal data for direct marketing purposes; 2. to ask to see what personal data we hold about you and to find out about the way that we process the data (and in some circumstances, you can ask us to provide a copy to a third party); 3. to ask us to correct or update any personal data which is inaccurate; 4. to ask for personal data to be deleted in some (but not all) circumstances where there is no good reason for us to continue to process it; 5. to ask us to temporarily stop using your data if you don't believe that we have a right to use it, or to stop us from using your personal data where there is no good reason for us to continue to use it; and 6. not to be subject to decisions made solely on the basis of 'automated processing' (i.e. the right not to be subject to decisions made solely by algorithms or computers without input from a human) in certain circumstances.7. The right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format and to also request us to transmit this data directly to another controller of your choice.

If you would like to exercise any of the rights listed above, or if you have any queries or concerns about the way that we use your personal data (or any questions about this privacy policy), you can contact us by email at [email protected] or 01963 577700 or by post at Estate Office, The Newt in Somerset, Bruton, Somerset, BA7 7NG.

THE SUPERVISORY AUTHORITY Should you wish to lodge a complaint regarding an alleged infringement of the data protection laws, The Supervisory Authority for the United Kingdom is:

The Information Commissioner’s Office Helpline: +44 (0) 303 123 1113

https://ico.org.uk/concerns/

Note: we would recommend in the first instance, contacting us about any complaint so we may be able to resolve any matter.

8) CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our privacy policy in the future will be posted on this site. We may also email you with any changes if we have your email address. Please check back frequently to see any updates or changes to our privacy policy.